Про бэкдоры.
Mr. RobotHere are examples of demonstrated back doors in proprietary software.
- Tesla cars have a universal back door.
- While remotely allowing car “owners” to use the whole battery capacity did not do them any harm, the same back door would permit Tesla (perhaps under the command of some government) to remotely order the car to use none of its battery. Or perhaps to drive its passenger to a torture prison.
- Many models of Internet-connected cameras contain a glaring backdoor—they have login accounts with hard-coded passwords, which can't be changed, andthere is no way to delete these accounts either.
- Since these accounts with hard-coded passwords are impossible to delete, this problem is not merely an insecurity; it amounts to a backdoor that can be used by the manufacturer (and government) to spy on users.
- Vizio “smart” TVs have a universal back door.
- The Amazon Echo appears to have a universal back door, since it installs “updates” automatically.
- We have found nothing explicitly documenting the lack of any way to disable remote changes to the software, so we are not completely sure there isn't one, but it seems pretty clear.
- Chrome has a back door for remote erasure of add-ons.
- WhatsApp has a back door that the company can use to read the plaintext of messages.
- This should not come as a surprise. Nonfree software for encryption is never trustworthy.
- A pregnancy test controller application not only can spy on many sorts of data in the phone, and in server accounts, it can alter them too.
- Xiaomi phones come with a universal back door in the application processor, for Xiaomi's use.
- This is separate from the universal back door in the modem processor that the local phone company can use.
- Capcom's Street Fighter V update installed a driver that can be used as a backdoor by any application installed on a Windows computer.
- The Dropbox app for Macintosh takes total control of the machine by repeatedly nagging the user for an admini password.
- The universal back door in portable phonesis employed to listen through their microphones.
- Most mobile phones have this universal back door, which has been used to turn them malicious.
- More about the nature of this problem.
- Microsoft has already backdoored its disk encryption.
- Modern gratis game cr…apps collect a wide range of data about their users and their users' friends and associates.
- Even nastier, they do it through ad networks that merge the data collected by various cr…apps and sites made by different companies.
- They use this data to manipulate people to buy things, and hunt for “whales” who can be led to spend a lot of money. They also use a back door to manipulate the game play for specific players.
- While the article describes gratis games, games that cost money can use the same tactics.
- Dell computers, shipped with Windows, had a bogus root certificate that allowed anyone (not just Dell) to remotely authorize any software to run on the computer.
- Baidu's proprietary Android library, Moplus, has a back door that can “upload files” as well as forcibly install apps.
- It is used by 14,000 Android applications.
- ARRIS cable modem has a backdoor in the backdoor.
- Caterpillar vehicles come with a back-door to shutoff the engine remotely.
- Mac OS X had an intentional local back door for 4 years.
- Users reported that Microsoft was forcing them to replace Windows 7 and 8 with all-spying Windows 10.
- Microsoft was in fact attacking computers that run Windows 7 and 8, switching on a flag that said whether to “upgrade” to Windows 10 when users had turned it off.
- Later on, Microsoft published instructions on how to permanently reject the downgrade to Windows 10.
- This seems to involve use of a back door in Windows 7 and 8.
- A Chinese version of Android has a universal back door. Nearly all models of mobile phones have a universal back door in the modem chip. So why did Coolpad bother to introduce another? Because this one is controlled by Coolpad.
- Microsoft Windows has a universal back door through which any change whatsoever can be imposed on the users.
- More information on when this was used.
- In Windows 10, the universal back door is no longer hidden; all “upgrades” will beforcibly and immediately imposed.
- German government veers away from Windows 8 computers with TPM 2.0 due to potential back door capabilities of the TPM 2.0 chip.
- The iPhone has a back door that allows Apple to remotely delete apps which Apple considers “inappropriate”. Jobs said it's ok for Apple to have this power because of course we can trust Apple.
- The iPhone has a back door for remote wipe. It's not always enabled, but users are led into enabling it without understanding.
- Apple can, and regularly does, remotely extract some data from iPhones for the state.
- This may have improved with iOS 8 security improvements; but not as much as Apple claims.
- Windows 8 also has a back door for remotely deleting apps.
- You might well decide to let a security service that you trust remotely deactivateprograms that it considers malicious. But there is no excuse for deleting the programs, and you should have the right to decide who (if anyone) to trust in this way.
- As these pages show, if you do want to clean your computer of malware, the first software to delete is Windows or iOS.
- In Android, Google has a back door to remotely delete apps. (It is in a program called GTalkService).
- Google can also forcibly and remotely install apps through GTalkService (which seems, since that article, to have been merged into Google Play). This is not equivalent to a universal back door, but permits various dirty tricks.
- Although Google's exercise of this power has not been malicious so far, the point is that nobody should have such power, which could also be used maliciously. You might well decide to let a security service remotely deactivate programs that it considers malicious. But there is no excuse for allowing it to delete the programs, and you should have the right to decide who (if anyone) to trust in this way.
- Samsung Galaxy devices running proprietary Android versions come with a back door that provides remote access to the files stored on the device.
- The Amazon Kindle-Swindle has a back door that has been used to remotely erase books. One of the books erased was 1984, by George Orwell.
- Amazon responded to criticism by saying it would delete books only following orders from the state. However, that policy didn't last. In 2012 it wiped a user's Kindle-Swindle and deleted her account, then offered her kafkaesque “explanations.”
- The Kindle-Swindle also has a universal back door.
- HP “storage appliances” that use the proprietary “Left Hand” operating system have back doors that give HP remote login access to them. HP claims that this does not give HP access to the customer's data, but if the back door allows installation of software changes, a change could be installed that would give access to the customer's data.
- Some D-Link routers have a back door for changing settings in a dlink of an eye.
- Many models of router have back doors.
- The TP-Link router has a backdoor.
- Some applications come with MyFreeProxy, which is a universal back door that can download programs and run them.
Here is a big problem whose details are still secret.
- The FBI asks lots of companies to put back doors in proprietary programs. We don't know of specific cases where this was done, but every proprietary program for encryption is a possibility.
Here is a suspicion that we can't prove, but is worth thinking about.
- Writable microcode for Intel and AMD microprocessors may be a vehicle for the NSA to invade computers, with the help of Microsoft, say respected security experts.
The EFF has other examples of the use of back doors.